Open DNS Issues

by George Chetcuti [Published on 5 June 2014 / Last Updated on 5 June 2014]

An open DNS server is a DNS server that responds to recursive queries (queries for domains that the DNS server is not authoritative for), and does so for anyone (not just clients on your local network).

The main issue with open resolvers is that they pose a significant threat to the global network infrastructure. Because they respond to recursive queries from all hosts, they can be used in DDoS attacks.

If you manage a DNS server and your business requirements force you to allow recursion, you can restrict replies to your internal or customer IP ranges with a simple configuration change. For more information, see http://www.team-cymru.org/Services/Resolvers/instructions.html

Also note that authoritative servers should not offer recursion, but can still be used in an attack. Follow this link to find out how to configure your authoritative DNS servers to use Response Rate Limiting: http://www.redbarn.org/dns/ratelimits
